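<?php
/**
* CalDAV Server - handle DELTICKET method in line with defunct proposed RFC
*   from: http://tools.ietf.org/html/draft-ito-dav-ticket-00
*
* Why are we using a defunct RFC?  Well, we want to support some kind of system
* for providing a URI to people to give out for granting privileged access
* without requiring logins.  Using a defunct proposed spec seems better than
* inventing our own.  As well as Xythos, Cosmo follows this specification,
* with some documented variations, which we will also follow.  In particular
* we use the xmlns="http://www.xythos.com/namespaces/StorageServer" rather
* than the DAV: namespace.
*
* Access control: the ticket is deleted only when the requester either has the
* DAV::unbind privilege on this request or is the principal that owns the
* ticket.  Every other requester is handed to NeedPrivilege('DAV::unbind').
*
* This handler relies on $request and $session being set up by the including
* script; neither is defined in this file.
*
* @package   davical
* @subpackage   caldav
* @author    Andrew McMillan <andrew@mcmillan.net.nz>
* @copyright Morphoss Ltd - http://www.morphoss.com/
* @license   http://gnu.org/copyleft/gpl.html GNU GPL v2 or later
*/
dbg_error_log('DELTICKET', 'method handler');
require_once('DAVResource.php');

// Authorisation gate.  The ownership test must not dereference $request->ticket
// when no ticket was resolved: previously an unprivileged request without a
// valid ticket called owner() on an unset value and died with a fatal error
// instead of a clean refusal.  A missing ticket now counts as "not the owner",
// so such a request is refused here, before the handler says anything about
// whether the resource or the ticket exists.
// NOTE(review): the loose != is kept because the types returned by owner() and
// held in $session->principal_id are not visible here - confirm before
// tightening it to !==.
if ( ! $request->HavePrivilegeTo('DAV::unbind')
     && ( ! isset($request->ticket) || $request->ticket->owner() != $session->principal_id ) ) {
  $request->NeedPrivilege('DAV::unbind');
}

// Only requesters holding DAV::unbind can get this far without a resolved
// ticket.  Tell them whether the resource is missing, the ticket is unknown,
// or no ticket was supplied at all.
// NOTE(review): the code below assumes PreconditionFailed() and
// MalformedRequest() end the request; if either returned, the DELETE would
// dereference an unset ticket - confirm against the request class.
if ( ! isset($request->ticket) ) {
  if ( isset($_GET['ticket']) || isset($_SERVER['HTTP_TICKET']) ) {
    $r = new DAVResource($request->path);
    if ( ! $r->Exists() ) {
      $request->PreconditionFailed(404,'not-found');
    }
    else {
      $request->PreconditionFailed(412,'ticket-does-not-exist','The specified ticket does not exist');
    }
  }
  else {
    $request->MalformedRequest('No ticket specified');
  }
}

// The ticket id is passed as a bound parameter, never concatenated into the SQL.
$qry = new AwlQuery('DELETE FROM access_ticket WHERE ticket_id=:ticket_id', array( ':ticket_id' => $request->ticket->id() ) );
if ( $qry->Exec('DELTICKET', __LINE__, __FILE__) ) {
  $request->DoResponse( 204 );
}
// Reached only when the DELETE failed, presumably because DoResponse() does not
// return - otherwise a 500 would follow every successful 204.
$request->DoResponse( 500 );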